How to Set Up a Website (and make it secure)

If you have a business you need a website, and with a website you need website security. This means you need to know how to set up a website for a business.

When it comes to setting up a website for a business these days it’s never been easier. Content Management Systems (CMS) allow for easy-to-build, intuitive ways of creating and deploying content to customers. Unfortunately, the ease of website development has resulted in security holes where creators don’t always understand the threats they face and what’s at risk.

You need website security for yourself, your organisation, and your end users. As threats from hackers grow each year, website security must also.

Many website owners assume they have their website security locked down because they use a CMS. However, there are often-overlooked weak spots that cyber security threats can infiltrate. It’s a good idea to draw up a website security plan with the expertise of your IT team, and create a policy regarding what happens when you are faced with a threat. Some key security points include:

Start with limited access

Users should be given the minimum in accessibility requirements as needed for their position (designer, writer, guest author, etc). Ex-employees can represent online security threats, so passwords should be regularly changed.

Ensure SSL

SSL – or secure sockets layer – prevents sensitive data that flows through a website from leaking. SSL protect data, but it does not protect a website itself from a security attack.

Decide on your OS

Your web host operating system has two options – Linux-based, or Windows-based. Linux is less used than Windows, so there are fewer known threats. Linux also has a strong open-source community behind it that works quickly to mitigate threats. Windows-based services begin with limited user accounts, meaning that users have to request access to gain administrative privileges. Theoretically this prevents security risks as trained Microsoft employees handle administrative requests.

Double-check your Plug-ins

Inactive plugins and apps can be riddled with security issues. Ensure that you are using plugins and apps that are still active and come from trusted providers, pay attention to updates and check for reported security issues prior to downloading plug-ins.

Ensure cookies are used properly

Cookies are a great tool for creating a well-designed user experience when it comes to customers regularly accessing a website. However, cookies need to be properly maintained to ensure security risks are mitigated. Cookies should never store highly sensitive information, they should have expiry dates, and if you can encrypt the information available within cookies, do so.

You want to make sure your customers have a great experience with your website, so ensure you following best practice when it comes to how you set up your website for business.


Cogito Group is an award-winning cybersecurity company specialising in authentication, cloud security, identity management and data protection. Cogito Group protect the authentication methods used to access information through the use of Identity and other security technologies.